I have been reading many reviews of courses and I must say that this forum is incredibly helpful and informative.

Let me explain my - perhaps unusual - situation.

I'm not a pentester nor am I in the IT industry nor have I taken any kind of formal computer-related course. I'm just someone who is interested in security and enjoys learning new things. I have decided that it would be a good investment to pay money to learn in an academic-type of environment which is structured. I don't really care about certification.

I do not consider myself to be a 'natural' (if such a person exists) but rather someone who learns through constant practice. I mention this because I am the type of individual who needs a level of guidance in order to learn. Simply saying "try harder" is not necessarily appropriate for my character.

That said I have taught myself a few things over the years. I know basic Python. I've used a number of common tools (like Reaver, Pyrit, Aircrack suite, BackTrack, Medusa and suchlike - nothing complicated through).

I originally was interested in Penetration Testing with Backtrack (PWB) but soon ruled it out as it does not sound like an introductory course (even through it apparently is). It strikes me that it is for people who have far more advanced skills than I do. Then I looked at the Hacking Dojo. The main issue seems to be that it is a one-man operation which can cause problems if the trainer is unwell or suchlike. Also I am not convinced that I like the idea of stages before you can move upwards.

The eLearn videos apparently are longer and more professionally created. As mentioned, I need something that provides a level of clarity. The Hacker Academy review implied that external material provides more information which questions what one is paying for.

I would certainly appreciate any comments about these courses and the differences between them. I'm happy to provide more information if that will help.

EDIT:Ok, so it's been a while since I was a member of THA, but when I went through it was a good program. Despite the corny advertising, I remember the information was pretty decent, and there was an opportunity to communicate with the staff.

While some would disagree with me I would suggest looking at Mile2's offering in this arena, the CPTE. I did go through their training material and I enjoyed it much more than EC-Council's version. The cert itself may have no value, but I liked the training.

Last edited by SephStorm on Mon Jan 28, 2013 7:58 am, edited 1 time in total.

I can't comment on the eLearn/Dojo courses since I haven't taken them (although, I have the same concerns as you re. Dojo based on recent posts).

Sounds like your skill level is beyond EC Council's CEH course - which I have taken - so I'd strike them off your list. Personally, I'd put off the OSCP until you have some more formal training under your belt.

I can speak to eLearnSecurity's Student course. It's split into 2 different categories: basic skills and pentesting. Basic skills explains the pentesting process, basics of vuln assessments, networking and packets, how web applications work, etc. The pentesting section builds on the basic skills and gets into the different ways of gathering info about the victim, then dives into the basics of attacking: password cracking, XSS, SQL injection, buffer overflows, etc.

It's really a great foundation for diving into the Pro course. But if you already have familiarity with these things, then I'd suggest going for the Pro course. The Pro course is split up into 3 categories as well: system, networking, and web application pentesting. I really enjoyed the web app section - I was aware of some of the ideas, but had never put any of it into practice. My background was more from a networking side so I didn't get as much out of that section, but it's still very good. Honestly, I haven't gone through the system pentesting section as much as I'd like to. It's not something that's piqued my interest just as much yet.

** Mind you I took the old version (mid-2012) of the Pro course. It was upgraded the end of this last year.

I originally enrolled in ELS to get some experience and knowledge to help me break into the security industry. Once I got a job in the industry I was offered a good deal on THA so I took it.

I honestly think you would be good with either one. I find that they complement each other very well but either one will serve as a good first step. It depends on what you are looking for.

THA is still updating their course and putting out new modules. Recently they put out new modules on the methodology of pen testing and project management of a Red Team. They also have other modules that you won't find in ELS like Reverse Engineering and Digital Forensics.

ELS however has the better labs in my opinion. THA uses cloud based labs that never work for me and when they do they are slow. You also have the option of doing it completely on VirtualBox which has worked for me. ELS has nice labs and good walkthroughs to help you out.

As for the student ELS course. I bought the package deal with both student and Pro. Honestly, if you aren't completely new to security I don't think you need the student course. It's pretty basic information and I think you could get the same information with a cheap security+ book.

Like I said they are both good first steps. I am planning on taking the ELS cert test soon and then I'm going on to the OSCP. And then when I get time I will go back to the forensics and reverse engineering courses in THA. I would say take the ELS Pro if you want pen testing and THA if the extras interest you like forensics and reverse engineering.